Flow-based identification of botnet traffic by mining multiple log files

2008 1st International Conference on Distributed Frameworks and Application, DFmA 2008

Volumn , Issue , 2008, Pages 200-206

  Masud, Mohammad M ^a   Al khaleeb, Tahseen ^a   Khan, Lalifur ^a   Thuraisinghatn, Bhavani ^a   Hamlcn, Kevin W ^a  

^a The University of Texas at Dallas   (United States)

Author keywords

Botnet; Data mining; Intrusion detection; Malware

Indexed keywords

APPLICATIONS; COMPUTER CRIME; DATA MINING; FEATURE EXTRACTION; INFORMATION MANAGEMENT;

APPLICATION EXECUTIONS; BOTNET; COMMAND AND CONTROLS; HOST-BASED; LOG FILES; MALWARE; NETWORK PACKETS; RESEARCH TOPICS; TEMPORAL CORRELATIONS;

INTRUSION DETECTION;

EID: 63749106613     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICDFMA.2008.4784437     Document Type: Conference Paper

References (16)

1. T, Ferguson, "Botnets threaten the internet as we know it." ZDnet Australia, April 2008.
2. M. Rajab, J. Zarfoss. F. Monrose, and A, Terzis, "A multifaceted approach to understanding the botnet phenomenon," in Proc. 6th ACM SICCOMM Conference on Internet Measurement (IMC'06), 2006, pp. 41-51.
3. F Freiling. T, Holz. and G, Wicherski. "Botnet tracking: Exploring a root-cause methodology to prevent distributed denial-of-service attacks." in Proc, lOth European Symposium On Research In Computer Security (ESORICS), vol. Lecture Notes in Computer Science 3676, September 2005, pp. 319-335.
4. J, B. Grizzard, V, Sharma, C Nunnery, E, B, Rang, and D, Dagan, "Peer-to-peer botnets: Overview and case study," in Proc. 1st Workshop on Hot Topics in Understanding Botnets, 2007, p. 1.
5. C Livadas, E, Walsh. D. Lapsley. and W. Straysr, "Using machine learning techniques to identify botnet traffic," in Proc. 31st IEEE Conference on Local Computer Networks (LCN'06). November 2006,pp. W-974.
6. J. Goebel and T. Hok, "Rishi: Identify bot contaminated hosts by irc nickname evaluation," in Proc. 1st Workshop on Hot Topics in Understanding Botnets, 2007, p. 8.
7. P. Baiford and V. Yegneswaran, An Inside Look at Botnets, set Advances in Information Security, Springer, 2006.
8. D, Diigon, C, Zou, and W. Lee, "Modeling hornet propagation using time zones," in Proc. 13th Network and Distributed System Security Symposium (NDSS'06), 2006.
9. E, Cook, F Jahanian, and D, McPherson, "The zombie roundup: Understanding, detecting, and disrupting botnets," in Proc. Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI'05), 2005, p. 6.
10. A. Karasaridis, B, Rexroad.and D. Hoeflin, "Wide-scale botnet detection and characterization," in Proc. 1st Workshop on Hot Topics in Understanding Botnets, 2007, p. 7.
11. (2006) SDBOT information webpage. [Online]. Available: www.megasecuiity.org/trojans/s/sdbot/SdbotO.5a.html.
12. (2006) RBOT information webpage. [Online], Available: http://jarryd.onestop.nef/rxbot-howto.html.
13. (2007) The Unreal IRC Daemon website, [Online], Available: http://www.unrealired,com/.
14. (2007) The Windump website, [Online]. Available: http:/www.winpcap.org/ windump/.
15. M. M. Masud, L. Khan, and B. Thuraisingham, "A scalable multilevel feature extraction technique to detect malicious raecutables," Information Systems Frontiers, vol. 10, no. 1, pp. 33-45, March 2008.
16. (2008) The WEKA Data Mining with Open Source Software website. [Online], Available: http://www.cs.waikato.ac.nz/ml/weka/.